CVE-2009-1891 — Uncontrolled Resource Consumption in Apache Http Server

CWE-400 — Uncontrolled Resource Consumption9 documents8 sources

Severity

7.1HIGHNVD

EPSS

18.8%

top 4.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Canonical Ubuntu Linux Debian Linux +6 more

Timeline

PublishedJul 10

Latest updateMay 2

Description

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages4 packages

▶NVDapache/http_server2.0.35 — 2.0.64+1

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Also affects: Debian Linux 4.0, 5.0, 6.0, Fedora 11, Ubuntu Linux 6.06, 8.04, 8.10, 9.04, Enterprise Linux 5.3

Patches

Patch: www.mandriva.com ↗Patch: bugzilla.redhat.com ↗Patch: www.mandriva.com ↗

🔴Vulnerability Details

GHSA

GHSA-hwvh-jv6j-6p3p: The mod_deflate module in Apache httpd 2↗2022-05-02

▶

CVEList

CVE-2009-1891: The mod_deflate module in Apache httpd 2↗2009-07-10

▶

OSV

CVE-2009-1891: The mod_deflate module in Apache httpd 2↗2009-07-10

▶

📋Vendor Advisories

Ubuntu

Apache regression↗2009-08-19

▶

Ubuntu

Apache vulnerabilities↗2009-07-13

▶

Red Hat

httpd: possible temporary DoS (CPU consumption) in mod_deflate↗2009-06-26

▶

Debian

CVE-2009-1891: apache2 - The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files...↗2009

▶

💬Community

Bugzilla

CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate↗2009-07-01

▶